On Wed, Jan 03, 2018 at 12:04:50PM -0500, Jeffrey J. Persch wrote: > Greetings, >
Hi Jeffrey, > We have been load testing 1.8.3 and noticed SSL caching was broken in 1.8 > during the shctx refactoring. > > New SSL connections will cache up until tune.ssl.cachesize, then no > connections will ever be cached again. > > In haproxy 1.7 and before, the SSL cache works correctly as a LRU cache. > > > [...] > > This appears to independent of target & openssl version, we have reproduced > on linux2628 openssl 1.0.1k-fips and osx openssl 1.0.2n. > > Any insights appreciated. > I'm able to reproduce the problem thanks to your detailed example, it looks like a regression in the code. I will check the code to see what's going on. -- William Lallemand
